A large and increasing portion of the information handled in the modern office environment is digital. Many organizations, institutions, and establishments store, handle and manipulate most of their information, and/or information associated with their activities, in one or more digital forms. In many cases, such information may include confidential, secret or otherwise sensitive information, which, in the wrong hands, may cause serious damage to the owner or keeper of the information and/or to those associated with the owner or keeper of the information. Organizations subject to risk of sensitive information being provided to unauthorized, possibly hostile entities, include commercial companies, government agencies, academic institutions and/or health care facilities.
An application may distribute, publish or disseminate information in files or other content or data accessed or loaded by the application, a data leakage prevention (DLP) system may be required to inspect content or data accessed or loaded by applications, in order to prevent sensitive information leakage. A DLP system may detect attempts or requests to access content or data and enforce access policies. For example, an application may be allowed or denied access to a file, or the file may be inspected prior to enabling an application to access the file. With respect to content inspection, upon detecting an attempt made by an application to access content, a DLP system inspects the content and based on the result of the inspection, allows or denies access.
However, inspection of content may typically cause a burst of computation and input/output (I/O) operations that may translate to poor responsiveness of an application, extended load or startup time, and/or a general degradation in performance. Further aggravating the problem may be the typical case where an application may access many files or other content objects during a startup phase, while a user is waiting for the application to commence normal operation, e.g., respond to input or perform expected tasks.
Furthermore, as typical, loading of files by an application may be sequential or serial, wherein such sequential access combined with the inspection of loaded files by a DLP system may require extended time periods. Accordingly, applications may require extended periods of time before they are ready to commence normal, expected operation. Although possibly to a lesser degree, the problems described above may also be present during normal operation of an application or program, namely, whenever an application is required to load or access files.
There is a need in the art for a system and/or method to enable efficient and secured application data access control, either during application startup or during normal operation of an application.
It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity.